Require id-token write permissions from GitHub Actions to generate provenance report

hkdobrev · hkdobrev · commit 384340cc1c9e · 2024-08-05T17:25:02.000+03:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -26,6 +26,9 @@ jobs:
   publish-npm:
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -40,6 +43,9 @@ jobs:
   publish-gpr:
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
